Data, Government and Security - Information Management Today

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. without sufficient protection – an issue compounded by the invalidation of the EU-U.S.

GDPR

GDPR Security Compliance Data Privacy

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. However, the proliferation of such workloads and the data within creates a complex web of data sprawl that is challenging to navigate and manage.

Data Privacy

Data Privacy Privacy GDPR Compliance

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. broadband providers.

Government

Government Communications Access Risk

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

Port of Seattle is notifying 90,000 people of a data breach after personal data was stolen in a ransomware attack in August 2024. The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. — Seattle-Tacoma Intl.

Data breaches

Data breaches Ransomware Manufacturing Education

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations.

Data Privacy

Russian cyber spies stole data and emails from UK government systems

Security Affairs

AUGUST 8, 2024

Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, reported The Record media. Earlier this year, Russia’s foreign intelligence service stole internal emails and data on individuals from the UK government. ” reported The Record Media. .

Government

Government Data breaches Access IT

Canadian government impacted by data breaches of two of its contractors

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel have been also exposed.

Data breaches

Data breaches Government IT Ransomware

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

SentinelLABS researchers analyzed a data leak that suggests that the Chinese cybersecurity firm TopSec offers censorship-as-a-service services. The origin of the data leak is unclear, the leak is large and inconsistently formatted, complicating the full analysis. ” reads the report published by SentinelLabs.

Cybersecurity

Cybersecurity Government Cloud Security

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

notifies customers of credit card data breach, after threat actors hacked a third-party app from its e-commerce provider. disclosed a data breach that exposed its customers’ credit card data after threat actors hacked a third-party application from its e-commerce providerBigCommerce.

Data breaches

Data breaches IT Computer and Electronics Access

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

In an effort to be data-driven, many organizations are looking to democratize data. However, they often struggle with increasingly larger data volumes, reverting back to bottlenecking data access to manage large numbers of data engineering requests and rising data warehousing costs.

Cloud

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Data breaches

Data breaches Communications Artificial Intelligence Government

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Affairs

OCTOBER 22, 2024

In September, Broadcom released security updates to the vulnerability CVE-2024-38812. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. ” Chinese law requires researchers to disclose zero-day vulnerabilities to the government.

Government

Government Cloud Access IT

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. Enhancing secure logging, isolating device management, and enforcing strict access control lists (ACLs) are key strategies.

Government

Government Communications Access Passwords

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” reads the announcement published by the National Security and Defense Council of Ukraine. The ban does not affect Ukrainian citizens. ” continues the announcement.

Military

Military Government Personal data Phishing

Information Governance: The Foundation of Responsible AI Systems

AIIM

FEBRUARY 20, 2025

The rise of artificial intelligence has sparked a digital renaissance, transforming how we process, analyze, and utilize data. But as AI systems become more sophisticated and pervasive, a critical question emerges: How do we ensure the data feeding these systems is accurate, secure, and ethically managed?

Information governance

Information governance Government Artificial Intelligence Security

Concentric AI Secures $45M Series B to Expand Data Security

Data Breach Today

OCTOBER 25, 2024

Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data breach investigation - critical areas for enterprises seeking resilient (..)

Security

Security Data breaches Risk Government

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government

Government Authentication Cybersecurity Data breaches

ISMG Editors: DSPM, DLP Converge to Reshape Data Security

Data Breach Today

OCTOBER 18, 2024

Also: Impact of NIS2 Directive in Europe, Cloud Governance Challenges In the latest weekly update, ISMG editors discussed the strategic convergence of data security posture management and data loss prevention technologies, evolving priorities of security leaders and the urgent readiness challenges posed by the NIS2 Directive.

Security

Security Cloud Government

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

The threat actors used exploits for the above issues in attacks against organizations in various sectors globally, allowing the APT group to access sensitive data and deploy infrastructure for ongoing data collection. cyber agencies warned.

Data collection

Data collection Authentication Access Cybersecurity

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

JUNE 5, 2024

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.

Government

Government Metadata Military Passwords

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security

Security Access Government Cybersecurity

Australian government announced sanctions for Medibank hacker

Security Affairs

JANUARY 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group.

Government

Government Insurance Ransomware Data breaches

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Security Affairs

DECEMBER 3, 2024

Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 Securities and Exchange Commission (SEC), the company discovered the attack on November 25. million year-to-date. According to the FORM 8-K report filed with the U.S.

Ransomware

Ransomware Encryption Cybersecurity Access

Relyance AI Raises $32M to Take on AI Governance Challenges

Data Breach Today

OCTOBER 10, 2024

Thomvest Ventures Leads Series B Funding to Support Privacy and Security Compliance Relyance AI raised $32 million in Series B funding to grow its data governance platform.

Government

Government Privacy Compliance Security

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. ” continues the report. .”

Government

Government Authentication Phishing IT

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi. Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. ” continues the report.

Personal data

Personal data Encryption Security Privacy

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data

Security Affairs

MAY 8, 2024

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans.

Data breaches

Data breaches Military Government Personal data

Texas Tech University data breach impacted 1.4 million individuals

Security Affairs

DECEMBER 17, 2024

Texas Tech University reports a data breach affecting 1.4 million, exposing personal, health, and financial data from its health sciences centers. Texas Tech University disclosed a data breach that impacted over 1.4 ” reads the notice of security breach published by the HSCs.

Data breaches

Data breaches Ransomware Insurance Access

Cybersecurity giant Fortinet discloses a data breach

Security Affairs

SEPTEMBER 12, 2024

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft Sharepoint server. The threat actor taunted the company, doubting its capabilities even after the acquisition of firms specializing in cloud security and data loss prevention. Guess what?

Data breaches

Data breaches Cybersecurity Cloud Access

How to Protect Privacy and Build Secure AI Products

Security Affairs

JULY 18, 2024

How to protect privacy and build secure AI products? How to Protect Privacy and Build Secure AI Products AI systems are transforming technology and driving innovation across industries. However, their unpredictability raises significant concerns about data security and privacy.

Privacy

Privacy Security Data Privacy Risk

France Travail data breach impacted 43 Million people

Security Affairs

MARCH 16, 2024

Unemployment agency France Travail (Pôle Emploi) recently suffered a data breach that could impact 43 million people. On August 2023, the French government employment agency Pôle emploi suffered a data breach and notified 10 million individuals impacted by the security breach.

Data breaches

Data breaches Personal data Ransomware GDPR

MoneyGram discloses data breach following September cyberattack

Security Affairs

OCTOBER 8, 2024

MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data. The company launched an investigation into the security breach and notified law enforcement. ” reads the notice of data breach published by MoneyGram. per share, taking the company private.

Data breaches

Data breaches Government Ransomware Cybersecurity

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Government

Government Authentication Communications Access

Kaiser Permanente data breach may have impacted 13.4 million patients

Security Affairs

APRIL 26, 2024

Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 Media reported [ 1 , 2 ] that the company is notifying millions of current and former members of a data breach. Shared data include names, IP addresses, and information about members’ operations on the company website and mobile apps.

Data breaches

Data breaches Passwords Government Access

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

JANUARY 29, 2024

National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. Senator Ron Wyden, D-Ore.,

Metadata

Metadata Personal data Sales Privacy

MediSecure data breach impacted 12.9 million individuals

Security Affairs

JULY 19, 2024

MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. MediSecure has identified a cyber security incident impacting the personal and health information of individuals. The threat actors stole 6.5TB of data from a company’s server.

Data breaches

Data breaches Unstructured data Ransomware Phishing

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds. The federal securities laws prohibit half-truths, and there is no exception for statements in risk-factor disclosures.”

Cybersecurity

Cybersecurity Risk Access Government

Data of 3,191 congressional staffers leaked in the dark web

Security Affairs

SEPTEMBER 25, 2024

The personal information of approximately 3,191 congressional staffers has been leaked on the dark web , according to new research from internet security firm Proton and Constella Intelligence. The leaked data includes passwords, IP addresses, and social media information. “The volume of exposed accounts among U.S.

Passwords

Passwords Data breaches Security Risk

Hackers stole OpenAI secrets in a 2023 security breach

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. ” The executives believed the threat actor was a lone hacker with no link to a foreign government. .”

Security

Security Artificial Intelligence Risk Access

Lithuania security services warn of China’s espionage against the country

Security Affairs

MARCH 10, 2024

A report published by Lithuanian security services warned that China has escalated its espionage operations against Lithuania. A report released by Lithuanian security services has cautioned that China has intensified espionage activities targeting Lithuania. ” reads the report published by Lithuanian security services.

Security

Security Government IT Access

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Security Affairs

APRIL 8, 2024

Greylock McKinnon Associates, a service provider for the Department of Justice, suffered a data breach that exposed data of 341650 people. GMA disclosed a data breach that impacted medicare and other information belonging to 5465 people. The data breach occurred on May 30, 2023, and was discovered on February 7, 2024.

Data breaches

Data breaches Insurance Cybersecurity Government

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Security Ransomware Sales

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain.

Ransomware

Ransomware Data breaches Unstructured data Personal data

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S. Targe including the U.S. Army, UN, NATO, and other agencies.

Data breaches

Data breaches Information Security Government Access

Increased GDPR Enforcement Highlights the Need for Data Security

Why DSPM is Essential for Achieving Data Privacy in 2024

Webinars

Trending Sources

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Webinars

Port of Seattle ‘s August data breach impacted 90,000 people

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Russian cyber spies stole data and emails from UK government systems

Canadian government impacted by data breaches of two of its contractors

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

ZAGG disclosed a data breach that exposed its customers’ credit card data

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Information Governance: The Foundation of Responsible AI Systems

Concentric AI Secures $45M Series B to Expand Data Security

U.S. CISA: hackers breached a state government organization

ISMG Editors: DSPM, DLP Converge to Reshape Data Security

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Cisco addressed Webex flaws used to compromise German government meetings

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Australian government announced sanctions for Medibank hacker

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Relyance AI Raises $32M to Take on AI Governance Challenges

Zimbra zero-day exploited to steal government emails by four groups

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data

Texas Tech University data breach impacted 1.4 million individuals

Cybersecurity giant Fortinet discloses a data breach

How to Protect Privacy and Build Secure AI Products

France Travail data breach impacted 43 Million people

MoneyGram discloses data breach following September cyberattack

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Kaiser Permanente data breach may have impacted 13.4 million patients

NSA buys internet browsing records from data brokers without a warrant

MediSecure data breach impacted 12.9 million individuals

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Data of 3,191 congressional staffers leaked in the dark web

Hackers stole OpenAI secrets in a 2023 security breach

Lithuania security services warn of China’s espionage against the country

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Stay Connected